An introduction about using an FTP program to make a connection to a web server. In this example I am using ws_ftp pro.
Shopping cart software is an application that is used to create and run a sales website. Like any website, it involves two main components: the storefront and the administrator’s area.
The storefront is the area where visitors can interact with the site, usually to select the items that they want to buy and pay for them. It can be as simple or as complex as the needs of the store.
The administrator’s area is the part where the configuration of the website can be modified. Common modifications are inclusion/deletion of products, inclusion/modification of categories, changes in price, etc.
While there are some commercial shopping cart software applications, many individuals are turning to free shopping cart software. Their objective is, obviously, to save money.
An outsider might think it’s difficult to find free shopping cart software, much less good free shopping cart software. However, it is surprising to see all the options that are available, and most of them are very good ones.
Here’s a list of the main free shopping cart software applications on the market today: Magento, osCommerce, Virtuemart (+ Joomla), Ubercart (+ Drupal), X-Cart, Zen Cart, ShopCMS, CS-Cart, Cube Cart, eCommerce Framework G5 (ECF), Ecommerce Templates, FlyingCart, Go Ecommerce EShop Builder, Interspire Shopping Cart, iScripts Multicart, JadaSite, JShop, LiteCommerce, PhPepperShop, PrestaShop, ProductCart, Ecommerce Shopping Cart Software, VP-ASP Shopping Cart, WebAsyst Shop-Script, and Zeus Cart (AJ Shopping Cart).
Of course, the first question that comes to mind is why the developers of all these applications would give them away for free. In fact, there are several good reasons, but let’s see the two that are most important.
The first one is to break a lock up of a market by a single company. If a company has a captive market for a type of product, other markets can break it by distributing their source freely. This forces the monopolizing company to reduce its prices and its power on the market, while at the same time, making consumers aware of other possible suppliers and the quality of their work.
Secondly, some companies release watered-down versions of their applications for free, and then charge customers for the use of the full features of the application. Even if the client doesn’t choose the paid application, it generates publicity for the company, and clients may want to buy the company’s other products.
In any case, free shopping cart software has made the rise of e-commerce possible, allowing it to become such an important part of the world’s economy.
70-686 Exam
Pro: Windows® 7, Enterprise Desktop Administrator
Language(s): English
Audience(s): IT Professionals
Technology: Windows 7
Type: Proctored Exam
About 70-686 Exam
The 70-686 exam is intended to validate a candidate’s ability to support medium to very large computing environments that use Windows 7. These responsibilities include setting the strategic direction for the client computers, the supporting infrastructure, and the applications.
Audience Profile
Candidates for 70-686 exam should have a minimum of three years of experience installing, configuring, and administering clients in a Windows networked environment and also have experience deploying operating systems and applications. Candidates should be familiar with the client administration capabilities of Windows Server and with management tools such as the System Center suite of products.
Credit Toward Certification
Exam 70-686: Pro: Windows 7, Enterprise Desktop Administrator: counts as credit toward the following certification(s):
Microsoft Certified IT Professional: Windows 7, Enterprise Desktop Administrator
Note: The 70-686 exam guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use the 70-686 preparation guide to prepare for the exam, regardless of its format.
Skills Being Measured
70-686 exam measures your ability to accomplish the technical tasks listed below.
The percentages indicate the relative weight of each major topic area on the exam.
Planning and Managing a Client Life Cycle Strategy
Plan and manage client licensing and activation.
70-686 objective may include but is not limited to: applications and operating systems; activation method; KMS vs. MAK; prerequisites; choosing a SKU; licensing infrastructure; licensing compliance audits; inventory audits; virtualization licensing considerations; making recommendations for licensing strategy and compliance
Plan and manage software updates.
70-686 objective may include but is not limited to: application updates and operating system updates; evaluating and approving software updates; enterprise applications; designing an update strategy; choosing an update tool; planning and deploying a service pack; schedule considerations; network considerations; test updates; auditing for security compliance
Plan and manage a physical hardware and virtualization strategy.
70-686 objective may include but is not limited to: analyzing existing hardware environment; determining which systems meet minimum requirements; tradeoffs of physical vs. VDI environment; network load considerations; disk space; direct connection vs. brokered connection; determining a VHD strategy; choosing 32 bit vs. 64 bit
Designing a Standard Image
Design an image creation strategy.
70-686 objective may include but is not limited to: identifying operating system and enterprise applications that will be included with the standard image; thick, thin, or hybrid; role-based or geographic-based images vs. single core image; image localization
Design a custom image.
70-686 objective may include but is not limited to: identifying applications to be installed; identifying features and components to be enabled or disabled; testing the customized image
Define an image update strategy.
70-686 objective may include but is not limited to: performance optimization; security considerations; efficiency; offline servicing vs. online or post-image updates; re-creating; recapturing
Designing Client Configurations
Design standard system settings.
70-686 objective may include but is not limited to: choosing methods, including logon scripts, startup scripts, and Group Policy; designing profiles; designing error reporting; designing audit policy
Define client security standards.
70-686 objective may include but is not limited to: application control policies; encryption; stopping unnecessary services; designing firewall rules; defining anti-malware settings; changes to Kerberos and NTLM; configuring user rights; defining UAC policy; designing a security template for system lockdown; defining account policies; designing security standards for removable storage
Define Windows Internet Explorer settings.
70-686 objective may include but is not limited to: defining security zones; cache location; branding; in-private mode; restricting or allowing plug-ins; add-ons; privacy policy; browser protected mode
Designing a Windows 7 Client Deployment
Analyze the environment and choose appropriate deployment methods.
70-686 objective may include but is not limited to: building the infrastructure; advantages of lite-touch vs. zero-touch vs. local install; capacity and scale considerations; determining required changes to the infrastructure
Design a lite-touch deployment strategy.
70-686 objective may include but is not limited to: unicast vs. multicast; auto-cast vs. scheduled-cast; staggered deployment; scheduling considerations; network load considerations; choosing a client boot method for deployment; unattended answer files; restricting who can receive images; choosing a delivery mechanism
Design a zero-touch deployment strategy.
70-686 objective may include but is not limited to: designing and configuring task sequencing; unattended answer files; scheduling considerations; staggered deployment; network load considerations; restricting who can receive images
Design a user state migration strategy.
70-686 objective may include but is not limited to: determining which user data and settings to preserve; local vs. remote storage considerations; determining mitigation plan for non-migrated applications; securing migrated data; testing designed strategy; wipe-and-load migration vs. side-by-side migration
Designing Application Packages for Deployment
Design a delivery or deployment strategy.
70-686 objective may include but is not limited to: auditing for prerequisites and minimum requirements; choosing a deployment method such as virtualized, Remote Desktop Services, Group Policy, or software distribution; server-based or client-based install; scheduling considerations; staggered deployment; network considerations; package creation standards
Manage application compatibility.
70-686 objective may include but is not limited to: testing incompatibility; choosing a method for resolving incompatibility, such as upgrading, Remote Desktop Services, shim, or VDI; auditing incompatible software
Identifying and Resolving Deployment and Client Configuration Issues
Identify and resolve Internet Explorer issues.
70-686 objective may include but is not limited to: security zones; Web applications; advanced settings; Group Policy restrictions; certificates
Identify and resolve Group Policy issues.
70-686 objective may include but is not limited to: delegation; inheritance; policies are not effective; blocking; permissions; loopback processing; user vs. computer settings; filtering; performance
Identify and resolve networking issues.
70-686 objective may include but is not limited to: wireless; remote access; VPN; certificates; performance; IP communication; Windows Firewall
Identify and resolve authentication and authorization issues.
70-686 objective may include but is not limited to: user rights; distinguishing between client-based and server-based issues; time synchronization (Kerberos)
Here is a delightful little video showcasing some of the staff at blacksun Webhosting, enter at your own risk! We love hosting your websites, click to see why. www.blacksun.ca
Day 2: The start of the technical session on Friday saw Mr D C Garg, CMD, Western Coalfields Limited and Dr Bristow chairing the session. Terming Global Steel as an ‘Opportunity in Crisis,’ Mr Peter Marcus, Founder and Managing Partner, World Steel Dynamics, USA, said “China today is much more capitalistic than the USA. Steel consumption by China last year was 573 MT as compared to 60 MT in the USA. The per capita steel consumption in China is .426 as compared to the USA’s .215. These statistics speak for themselves as to where China stands today in the world steel industry.” In his address on ‘Volatility in Global Steel Markets, Implications for Funding Future Growth’, Dr Rod Beddows, CEO, Hatch Corporate Finance, UK said in the coming 40 years, steel would be much in demand as the developing countries would be targeting the same standards of living as those in the developed nations. The other speakers included Mr John Kearsey, Executive Director, SSY Consultancy & Research Ltd, UK, Ms Vicky Binns, Head of Commodity Analysis, BHP Billiton, Singapore, Mr Jim Lennon, ED-Commodities Research, Macquarie Capital (Europe) Ltd UK and Dr Amit Chatterjee, Advisor, Tata Steel Ltd. In his address on ‘Challenges & opportunities before the Indian steel industry in the changed global economic scenario’, Dr Chatterjee mentioned how the country today is in dire need of metallurgists and engineers since the young tend to be lured more by the IT sector. “It is indeed a point of worry that the main brains in the country are not opting for the knowledge areas such as engineering or metallurgy which need specialization and expertise. These young brains will actually take forward the Indian industry,” said Mr Manoj Modi, Country Director, Coeclerici Asia. The day’s next session saw deliberations on ‘Sharing best practices – improving operational efficiency in steel industry’. 
D R Dogra, MD & CEO, CARE, termed the outlook of growth in the steel sector as stable while focusing on some of the key rating issues. Sandeep Biswas, managing partner, ROG, Accenture, highlighted some of the lessons learnt over time like the need for mission co-locating centres, learning from past mistakes and focus on institutionalization, selection of contractors and work force who have the capacity to deliver etc. The session also saw an address by Tim Wojtowics, VP, SunCoke Energy, USA. Giving his views on the Global Steel 2010, Mr Partho Sen, Development Manager (Eastern India), Austrade, said, “The conference has been an invigorating exercise for India to have closer ties and better trade prospects with a number of countries and we are very happy to have learnt what the industry feels could be a better road ahead for the global steel industry.” Later in the day, a panel discussion on global steel industry with reference to India saw, once again, a focus on China. Session Chairmen, Mr Gerard McCloskey, Founder and Chairman, McCloskey Group and Mr Jagatramka shared their thoughts with Mr Bill Graybeal, CEO, Coeclerici Asia (Pte) Ltd and Dr J J Irani of Tata Sons. “The future of steel is in India. But when one compares China with India, we find that China today produces 600 MT while India hopefully should touch the 60 MT mark this year. At the end of 2009, China made as much steel as the rest of the world put together. But still we can say the future of steel is in India,” said Dr Irani on a positive note. Giving three fundamental reasons that support his optimism, the former Tata Steel MD said India is hungry for steel and the markets are growing. “While prices are tempered by worldwide overcapacity, Indian markets are inexhaustible. The potential to export is good, but there’s competition. So our outlook should not be the international market but the domestic markets,” he said. 
It is possible for India to achieve 100 MT by 2015, he added on an upbeat India outlook. Panelists, Mr Dilip Oommen, CEO, India Operations, Essar Steel Ltd, Mr Naveen Vohra, Managing Partner, Ernst & Young and Mr Gueorgui Pirinski, Global Steel Analyst, BHP Billiton, spoke about their respective companies. The concluding session saw enriching thoughts by Mr Peter Linford, Senior Trade & Investment Commissioner, Austrade, who identified the areas where India and Australia could engage in trade as well other cultural and educational initiatives. Dr Nikki Williams, CEO, NSW Minerals Council and a PhD on terrorism, spoke on the growth of the NSW coal industry while focusing on the opportunities in India. Mr Rod Solomons, Govt of Queensland, Australia and Mr P S Grewal, CEO India, Micromine Pty Ltd, also spoke on the occasion. The evening of Day 2 was what one and all were waiting for. A fashion show that highlighted the ‘making of steel’ saw beautiful models display costumes by designer Monty Sally. Guests savored on Calcutta chaat, gol gappas, chana baturas and keema paus. Belly dancing, samba and street jazz kept the crowd applauding and wanting for more. For more detail on India Business News log on to http://www.bizxchange.in/
1 Introduction
Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Military tactical operations are still the main application of ad hoc networks today. For example, military units (e.g., soldiers, tanks, or planes), equipped with wireless communication devices, could form an ad hoc network when they roam in a battlefield. Ad hoc networks can also be used for emergency, law enforcement, and rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.
1.1 Security goals
Security is an important issue for ad hoc networks, especially for those security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication, and non-repudiation.
Availability ensures the survivability of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. On the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channels. On the network layer, an adversary could disrupt the routing protocol and disconnect the network. On the higher layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.
Confidentiality ensures that certain information is never disclosed to unauthorized entities. Network transmission of sensitive information, such as strategic or tactical military information, requires confidentiality. Leakage of such information to enemies could have devastating consequences. Routing information must also remain confidential in certain cases, because the information might be valuable for enemies to identify and to locate their targets in a battlefield.
Integrity guarantees that a message being transferred is never corrupted. A message could be corrupted because of benign failures, such as radio propagation impairment, or because of malicious attacks on the network.
Authentication enables a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade as a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.
Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. Non-repudiation is useful for detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.
There are other security goals (e.g., authorization) that are of concern to certain applications, but we will not pursue these issues in this paper.
1.2 Challenges
The salient features of ad hoc networks pose both challenges and opportunities in achieving these security goals.
First, use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay, and message distortion. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, to inject erroneous messages, to modify messages, and to impersonate a node, thus violating availability, integrity, authentication, and non-repudiation.
Secondly, nodes roaming in a hostile environment (e.g., a battlefield) with relatively poor physical protection have a non-negligible probability of being compromised. Therefore, we should not only consider malicious attacks from outside a network, but also take into account the attacks launched from within the network by compromised nodes. Therefore, to achieve high survivability, ad hoc networks should have a distributed architecture with no central entities. Introducing any central entity into our security solution could lead to significant vulnerability; that is, if this centralized entity is compromised, then the entire network is subverted.
Thirdly, an ad hoc network is dynamic because of frequent changes in both its topology and its membership (i.e., nodes frequently join and leave the network). Trust relationships among nodes also change, for example, when certain nodes are detected as being compromised. Unlike other wireless mobile networks, such as mobile IP [21, 48, 34], nodes in an ad hoc network may dynamically become affiliated with administrative domains. Any security solution with a static configuration would not suffice. It is desirable for our security mechanisms to adapt on-the-fly to these changes.
Finally, an ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.
1.3 Routing Protocol and Threats
Routing protocols for ad hoc networks are still under active research. There is no single standard routing protocol. Therefore, we aim to capture the common security threats and to provide guidelines to secure routing protocols. In most routing protocols, routers exchange information on the topology of the network in order to establish routes between nodes. Such information could become a target for malicious adversaries who intend to bring the network down. There are two sources of threats to routing protocols. The first comes from external attackers. By injecting erroneous routing information, replaying old routing information, or distorting routing information, an attacker could successfully partition a network or introduce excessive traffic load into the network by causing retransmission and inefficient routing.
The second and also the more severe kind of threats come from compromised nodes, which might advertise incorrect routing information to other nodes. Detection of such incorrect information is difficult: merely requiring routing information to be signed by each node would not work, because compromised nodes are able to generate valid signatures using their private keys.
To defend against the first kind of threats, nodes can protect routing information in the same way they protect data traffic, i.e., through the use of cryptographic schemes such as digital signature. However, this defense is ineffective against attacks from compromised servers. Worse yet, as we have argued, we cannot neglect the possibility of nodes being compromised in an ad hoc network. Detection of compromised nodes through routing information is also difficult in an ad hoc network because of its dynamically changing topology: when a piece of routing information is found invalid, the information could be generated by a compromised node, or, it could have become invalid as a result of topology changes. It is difficult to distinguish between the two cases.
On the other hand, we can exploit certain properties of ad hoc networks to achieve secure routing. Note that routing protocols for ad hoc networks must handle outdated routing information to accommodate the dynamically changing topology. False routing information generated by compromised nodes could, to some extent, be considered outdated information. As long as there are sufficiently many correct nodes, the routing protocol should be able to find routes that go around these compromised nodes. Such capability of the routing protocols usually relies on the inherent redundancies — multiple, possibly disjoint, routes between nodes — in ad hoc networks.
2 Key Management Service
We employ cryptographic schemes, such as digital signatures, to protect both routing information and data traffic. Use of such schemes usually requires a key management service. We adopt a public key infrastructure because of its superiority in distributing keys and in achieving integrity and non-repudiation. Efficient secret key schemes are used to secure further communication after nodes authenticate each other and establish a shared secret session key. In a public key infrastructure, each node has a public/private key pair. Public keys can be distributed to other nodes, while private keys should be kept confidential to individual nodes. There is a trusted entity called Certification Authority (CA) [11, 47, 26] for key management. The CA has a public/private key pair, with its public key known to every node, and signs certificates binding public keys to nodes. The trusted CA has to stay on-line to reflect the current bindings, because the bindings could change over time: a public key should be revoked if the owner node is no longer trusted or is out of the network; a node may refresh its key pair periodically to reduce the chance of a successful brute-force attack on its private key. It is problematic to establish a key management service using a single CA in ad hoc networks. The CA, responsible for the security of the entire network, is a vulnerable point of the network: if the CA is unavailable, nodes cannot get the current public keys of other nodes or establish secure communication with others. If the CA is compromised and leaks its private key to an adversary, the adversary can then sign any erroneous certificate using this private key to impersonate any node or to revoke any certificate.
A standard approach to improve availability of a service is replication. But a naive replication of the CA makes the service more vulnerable: compromise of any single replica, which possesses the service private key, could lead to collapse of the entire system. To solve this problem, we distribute the trust to a set of nodes by letting these nodes share the key management responsibility.
3 Push! Photo: Informal Photo Sharing in Ad-Hoc Networks
As mobile camera phones become ubiquitous, the practice of photography changes. Camera phone pictures are usually taken with sharing in mind. Meanwhile, publicly sharing photographs online has become increasingly popular with websites such as Flickr. Push! Photo is a mobile photo sharing application where photos can be made public and immediately accessed by anyone nearby. The application also automatically searches for photos on nearby devices to find interesting and relevant photos. Push! Photo shows how it is possible to share digital photos just as easily as paper photos.
Shoot!
Publicize!
Discover!
Enjoy!
3.1 THE PUSH! PHOTO PROTOTYPE
The current prototype of Push! Photo allows photos to be made public, and users can browse their own photo collection as well as those of others nearby. When devices are in proximity of one another, they will automatically start to search each other’s public photo collections for photographs relevant to oneself. These photos are shown as a multi-picture slideshow, which is extended as new photos are found. To browse photos from an event shown in a particular photo the user can click on that picture in the slideshow. The application will then download all photos from nearby devices taken at that event. In this way, if a user spots an interesting picture in the slideshow, she can easily find more photos from the same occasion. To decide whether two photos are from the same event, information about who else was around and the time of shooting is used. The application implements a discovery service to find other devices when they are within WiFi range. Thus the application is always aware of who else (using Push! Photo) is around at a particular time. As a photograph is taken, the resulting picture is tagged with this information together with the time and the identity of the photographer. The current prototype is an application running on Pocket PCs with WiFi cards and external SD cameras.
3.2 RELATED WORK
In previous work with Push! Music [2], music files were replaced with so-called media agents which were enabled to autonomously copy themselves between devices over a wireless ad hoc network. The media agents try to find their way to potential listeners as users meet, and as a song is copied it automatically enters the play list. In this way the users discover new music while passively listening. Other projects have looked at mobile photo sharing. Davis et al. in MM2 use the notion of co-presence to simplify the decision of with whom to share [1]. Photos are then uploaded automatically to a central web server where the sharing recipients can access the photos. Kohno and Rekimoto instead use GPS information and time stamps to decide if pictures are from the same event or not [4]. This is used to let users easily browse each other’s photos when standing in a group to serve as a topic of discussion. The system also lets users drag and drop pictures between their own and others’ devices. In contrast, Push! Photo aims to look into how mobile sharing can be simplified by allowing seamless sharing, and using context and tagging to automatically find interesting and relevant photographs.
4 Conclusions
In this paper, we have analyzed the security threats an ad hoc network faces and presented the security objectives that need to be achieved. On one hand, the security-sensitive applications of ad hoc networks require a high degree of security; on the other hand, ad hoc networks are inherently vulnerable to security attacks. Therefore, security mechanisms are indispensable for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms. This paper focuses on how to secure routing and how to establish a secure key management service in an ad hoc networking environment. These two issues are essential to achieving our security goals. Besides the standard security mechanisms, we take advantage of the redundancies in ad hoc network topology and use diversity coding on multiple routes to tolerate both benign and Byzantine failures. To build a highly available and highly secure key management service, we propose to use threshold cryptography to distribute trust among a set of servers. Furthermore, our key management service employs share refreshing to achieve proactive security and to adapt to changes in the network in a scalable way. Finally, by relaxing the consistency requirement on the servers, our service does not rely on synchrony assumptions. Such assumptions could lead to vulnerability. A prototype of the key management service has been implemented, which shows its feasibility. The paper represents the first step of our research to analyze the security threats, to understand the security requirements for ad hoc networks, and to identify existing techniques, as well as to propose new mechanisms to secure ad hoc networks. More work needs to be done to deploy these security mechanisms in an ad hoc network and to investigate the impact of these security mechanisms on the network performance.
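As an added illustration (not code from the paper or its prototype), the sketch below uses Shamir secret sharing, one standard way to realise the distributed trust described in the key management section and the threshold cryptography and share refreshing named in the conclusions. The field prime, the function names and the parameters n = 5, t = 2 are assumptions chosen for the demo, and the key is reconstructed here only to check the threshold property.

```python
import secrets

# Field modulus for the demo (assumption): the Mersenne prime 2**127 - 1.
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, t):
    """Deal n shares of `secret`; any t+1 shares reconstruct it, t do not."""
    if not 0 <= t < n:
        raise ValueError("need 0 <= t < n")
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    # Random degree-t polynomial whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the supplied {server_id: share}."""
    secret = 0
    for i, y_i in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + y_i * num * pow(den, -1, P)) % P
    return secret


def refresh_shares(shares, t):
    """Proactive refresh: every server deals a random degree-t polynomial
    with constant term 0, and each server adds the sub-shares it receives.
    The shared secret is unchanged; shares from the old epoch become
    useless when combined with shares from the new one."""
    ids = list(shares)
    refreshed = dict(shares)
    for _dealer in ids:
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(t)]
        for i in ids:
            refreshed[i] = (refreshed[i] + _eval_poly(zero_poly, i)) % P
    return refreshed


def demo():
    """Constructed scenario: 5 key-management servers, tolerate 2 compromised."""
    n, t = 5, 2
    service_key = secrets.randbelow(P)  # stand-in for the service private key
    old = split_secret(service_key, n, t)
    new = refresh_shares(old, t)

    def pick(shares, ids):
        return {i: shares[i] for i in ids}

    return {
        # Any t+1 = 3 servers can recover the key, before and after refresh.
        "quorum_old": reconstruct(pick(old, [1, 3, 5])) == service_key,
        "quorum_new": reconstruct(pick(new, [2, 4, 5])) == service_key,
        # Only t = 2 shares: interpolation yields an unrelated value.
        "below_threshold": reconstruct(pick(old, [1, 2])) == service_key,
        # Two shares stolen before the refresh plus one stolen after it.
        "mixed_epochs": reconstruct({1: old[1], 2: old[2], 3: new[3]})
        == service_key,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `mixed_epochs` case is the reason for refreshing: an adversary has to compromise t+1 servers within a single refresh period, not over the lifetime of the service.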
5 Acknowledgments
I would like to thank my friends for their invaluable contributions to this work. I am also grateful to my family and the anonymous reviewers for their comments and suggestions that helped to improve the quality of the paper.
I am grateful to Almighty for His blessings upon me.
6 References
[1] E. Ayanoglu, C.-L. I, R. D. Gitlin, and J. E. Mazo. Diversity coding for transparent self-healing and fault-tolerant communication networks. IEEE Transactions on Communications, 41(11):1677–1686, November 1993.
[2] M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proceedings of the 3rd USENIX Symposium on Operating System Design and Implementation (OSDI’99), pages 173–186, New Orleans, LA USA, February 22–25, 1999. USENIX Association, IEEE TCOS, and ACM SIGOPS.
[3] Y. Desmedt. Threshold cryptography. European Transactions on Telecommunications, 5(4):449–457, July–August 1994.
[4] Y. Desmedt and Y. Frankel. Threshold cryptosystems. In G. Brassard, editor, Advances in Cryptology—Crypto’89, the 9th Annual International Cryptology Conference, Santa Barbara, CA USA, August 20–24, 1989, Proceedings, volume 435 of Lecture Notes in Computer Science, pages 307–315. Springer, 1990.
[5] Y. Desmedt and S. Jajodia. Redistributing secret shares to new access structures and its applications. Technical Report ISSE TR-97-01, George Mason University, July 1997.
[6] A. Ephremides, J. E. Wieselthier, and D. J. Baker. A design concept for reliable mobile radio networks with frequency hopping signaling. Proceedings of the IEEE, 75(1):56–73, January 1987.
[7] P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In Proceedings of the 28th Annual Symposium on the Foundations of Computer Science, pages 427–437. IEEE, October 12–14, 1987.
[8] M. J. Fischer, N. A. Lynch, and M. S. Peterson. Impossibility of distributed consensus with one faulty processor. Journal of the ACM, 32(2):374–382, April 1985.
[9] Y. Frankel, P. Gemmel, P. MacKenzie, and M. Yung. Optimal resilience proactive public-key cryptosystems. In Proceedings of the 38th Symposium on Foundations of Computer Science, pages 384–393, Miami Beach, FL USA, October 20–22, 1997. IEEE.
[10] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Proactive RSA. In B. S. Kaliski Jr., editor, Advances in Cryptology—Crypto’97, the 17th Annual International Cryptology Conference, Santa Barbara, CA USA, August 17–21, 1997, Proceedings, volume 1294 of Lecture Notes in Computer Science, pages 440–454. Springer, 1997.
[11] M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed systems security architecture. In Proceedings of the 12th National Computer Security Conference, pages 305–319, Baltimore,
Gloucester Park Perth, 19 Feb 2010 – As part of the 2010 Chinese New Year Celebration, the Gloucester Park – Central Equity 2010 Miss Chinese WA Pageant is arguably the most prestigious Chinese beauty pageant in Western Australia. As of 2010, the official sponsors and organizers of the pageant are Australia Asia Business Weekly, Gloucester Park, Global Insurance Broking Pty Ltd and Central Equity Melbourne. Other sponsors are Point 88, Dene Selby Finishing Productions, Australia World Travel, Motives Makeup, AuPeople, Massage Point, Pro Hair Studio, Chinese Therapy Clinic, Kelvin Lai and many more. Fifteen beautiful finalists of Chinese and mixed Chinese ancestry participated in the competition: Gaby Liu, Tan HuiLin, Arnina Moore, Charmaine Galea, Joanna Hu, Candy Ong Hg, Marlene Lim, Winky Virginia Yu, Jessie Yeung, Carmen Lee, Tanya Liew, Vivian Zheng, Kervyn Taylors and Stephanie Smith. The honorable judges comprised Deputy Chinese Consul General Ms Zhang Hong, Malaysia Vice Consul Mr Mohamad Zam Zami, Senior VP Betty Lai of Christmas Islanders Association, Managing Director of Global Broking Glenn Simpson and Vice Chairman of WA Trotting Association Des Parr.
The event was deemed the biggest Chinese New Year Celebration in town. There were a Chinese products exhibition, ten harness horse races, lion dances, a “Cocobutter” fashion show, a cultural show, lucky draws and fireworks to commemorate the event. The pageant opened with all the contestants parading in Cheongsam wear of their own creation and showcasing their dance talent. The next segment was the swimwear round, and the event ended with the evening wear segment, where contestants wore elegant evening dresses, and a Q&A segment.
The announcement of the winners was held at the main stage of the harness race in Gloucester Park, with contestant number one Marlene Lim beating 14 other finalists to clinch the prestigious title of Miss Chinese WA 2010 in the grand final. Marlene Lim, a graduate pharmacist who hails from Miri City in Sarawak, also won cash prizes of two thousand dollars plus other prizes. Marlene Lim will have the important task of carrying Chinese culture onto the international stage and of promoting and showcasing the multi-racial harmony and cultural traditions of the Chinese race. Marlene was first to go in the Q&A session and introduced herself in a clear, loud voice, saying that she hails from the beautiful country of Malaysia. She was asked what she would change, and why, if she could turn back time.
“Of course there are many things that I may want to change but these are lessons and mistakes that made me a better person today. Right now, I am proud and satisfied of who I’ve become and what I’ve achieved, so if I could turn back the hands of time, I would not change anything at all. Thank you” she answered with a calm but loud and confident tone.
It was a tie for the runner-up position. Contestant number four Arnina Moore and contestant number six Joanna, both from China, shared the first runner-up position and walked away with a one thousand dollar cash prize each plus other prizes. The Miss Congeniality Chinese WA 2010 winner was contestant number two, Tan HuiLin from Kuala Lumpur, while contestant number eight Winky Virginia Yu from Hong Kong won the Miss Popularity/Photogenic 2010 title. Each walked away with a five hundred dollar cash prize, hampers and other prizes.
This article talks about Windows XP and all the new features it brings with it. Microsoft has introduced a powerful new operating system which brings a lot of flexibility and ease of use to the user. At the same time, it is an extremely reliable and sturdy operating system for both the average and the heavy user. In this article we start by talking about the requirements XP needs for optimum operation and how we can meet those requirements. We also talk about the bits and pieces of installing, upgrading and migrating user settings, and highlight the powerful new features in Windows XP installation such as unattended installations and remote installations. Microsoft also aims to target the home market with this new operating system and has included several new features, such as user account management and group management, at a much easier GUI level. Yet it remains the same reliable operating system, if not an even better one, for setting security, group security and domain security policies. Microsoft also includes several new features for auditing and for generating a lot of reports in logs for the administrative user. We also talk about the Windows Installer included in this new operating system, which helps remove code clutter and in turn provides us with a more stable operating system than earlier releases. We also see a significant improvement in the user interface and options, with greater ease of use for the average everyday user and options like multilingual support which target the corporate environment. Windows XP also takes hardware support and installation to a new level with its new plug-and-play features and extremely good compatibility with mobile hardware. We then discuss the revolutionary new NTFS file system on which Windows XP runs and all its advantages over the old FAT and FAT32 file systems.
Windows XP also gives us a good networking setup and troubleshooting environment with new features like off-line folder sharing and resource management. Remote connectivity has become a much more achievable target with the launch of Windows XP, giving the telecommuter the flexibility to work from home. We finally talk about how this new operating system stands up to its older legacy brothers in terms of performance, optimization, recovery, backup and other services. All in all, Microsoft has definitely released a powerful beast of an operating system to consumers, and it is up to us to realize and utilize Windows XP to its full potential.
Meeting Minimum XP Requirements:
Microsoft Win XP minimum requirements can be classified into various categories. The most important requirement is the minimum processor power needed, which is set to 233 MHz by Microsoft. I personally do not agree with such low standards, since the cost of processors is dropping fast and the processor is the biggest driver of a machine's performance. A minimum of 300 MHz is what I would recommend at the lowest level. The control terminal investigated in this report is up to the benchmark or just above average requirements for the user. The processor is a 2.5 GHz Pentium 4 and is performing at an optimal rate. Win XP Pro does support multiple processors, but this is not necessary in this scenario. The next requirement brought to my attention is the amount of RAM: the minimum Microsoft recommends for Win XP Pro to operate is 64MB, which is clearly too low according to current standards. However, Microsoft does state that Win XP Pro functions are seriously limited while using 64MB of RAM. An example of this would be Fast User Switching, which is disabled in this mode. I personally recommend a minimum of 256MB for any machine with average performance requirements running Win XP Pro. The control machine examined in this report has excellent RAM support with 1GB of available RAM. The RAM level in this machine takes a load off the processor as well, and at the same time provides excellent performance for heavy simultaneous use of the various software packages on the market. The hard drive requirements have been ever increasing with new releases of Microsoft operating systems, and Win XP Pro requires a minimum of 1.5GB of hard drive space. This increase can be accounted for by bigger operating systems with more included in them; for example, Win XP Pro includes several features like support for writing to CD media and also a built-in firewall.
The control machine does a pretty good job of satisfying these hard drive requirements with a 120GB primary (Master) hard drive and another 120GB secondary (Slave) hard drive. However, there are some flaws in this implementation, which are highlighted in the backup section of the report. One clear advantage of having two hard drives is that the paging file can be placed on a separate hard drive for better and faster performance. The control machine also exceeds the display requirements of Win XP. Microsoft has raised the bar with this release and has made 800 x 600 a minimum display requirement for this operating system, and a lot of video drivers will not let you go below this resolution. The control machine had capabilities above this, with display potential up to 1600 x 1200. Win XP Pro also recommends setup floppies or a bootable CD for repair and reinstall, a requirement which is also met by the control machine. However, I personally recommend bootable CDs over setup floppies, which are more prone to failure over a long period of time. A better way would be image backups and image installs, which are discussed later in this report. The BIOS is ACPI (Advanced Configuration and Power Interface) capable, which enables power management features and shutdown through HAL (Hardware Abstraction Layer) installation. Win XP Pro has a lot of graphical user features which can only be utilized through a good graphics card. The control unit in this audit has a good graphics card with 128 MB of dedicated graphics memory for exploiting these features.
Installing Windows XP:
I would like to bring to notice some installation features available from Microsoft during a Windows install. The text mode option is enabled during a clean install and gives us the ability to press the F5 key to choose a HAL-enabled BIOS from the menu. This is critical for an individual or an organization which wants to enable the auto power off feature. The BIOS has to be HAL capable in order to use this feature. It is always recommended to update the BIOS to HAL capability before installing Win XP. Changing the BIOS after installing Win XP carries a serious risk of resulting in an unbootable OS and should not be attempted without a proper backup of data. Microsoft advertises the F6 option during this stage to install any SCSI/RAID adapters. You can also turn off ACPI by pressing F7 to get a HAL that is not ACPI capable. ACPI can interfere with some features on the machine; for example, if the machine is a server, auto shutdown would not really be a good feature to implement. The rest of the process is the old style mode, where you can create and delete partitions on your hard drive. There is also the option of choosing between NTFS and FAT32. However, I would recommend NTFS; if your hard drive is over 32GB, NTFS is the only choice for you. Windows XP does all the hard work and jumps into the GUI mode installation, and then asks the user for information like the Windows key, name and regional settings. The most important thing is setting the Windows administrator password, writing it down and keeping it somewhere safe. Setup also asks for the computer name and network configuration, whether you are in a domain environment or a workgroup environment, and your IP settings. NetBEUI has been disabled in this version of the Microsoft operating system. You can also access the hard drive for file access during this installation by pressing Shift+F10.
This enables you to move files across the hard drives, access files you need and even install drivers for new hardware during installation. People who want the old style installation can press Shift+F11 for the old style wizard settings. Microsoft has also implemented Dynamic Update, which means that as long as you have an internet connection, setup will try to connect and download all the updates needed before your machine is up and running. It will also try to install new device drivers, as long as the manufacturer has had its drivers Windows Logo certified. However, Dynamic Update is only available for upgrade installs and is not available on clean installs. Microsoft also enables you to implement your own Dynamic Update sites, to prevent bandwidth in a corporate environment being clogged by machines searching for updates through Microsoft's website. The admin can link to the Windows Update corporate site, download all the updates, package them together and put them up on a web server for the staff to install. A switch can be set in the answer file to download from such a site. Another feature is Windows Product Activation, which does not exist for the volume license user, where the same media kit is going to be used for multiple installs. However, retail and OEM licenses require Windows Product Activation, which creates a hash of your computer depending upon several features such as its hardware. Windows Product Activation can also be done in the answer file, with the information sent through HTTP or HTTPS, and Microsoft's minimal requirement is that reactivation is required after changing 3-4 pieces of hardware on your computer.
Upgrading Windows XP:
Most administrators do not have the luxury of making a clean install, because a lot of software and data is installed on the current operating system. The biggest drawback of upgrading is that all the legacy code and baggage in the old operating system will be carried over to the new operating system. An upgrade is possible from Windows 98/98SE/ME/2000 and Windows NT 4.0 with SP6. However, the server class cannot be upgraded from Windows 2000 Professional. You cannot upgrade from Windows 95 or Windows 3.x. A compatibility check should always be made before upgrading to the new OS. Use the switch (-checkupgradeonly) to get a report on whether the hardware in the machine is compatible with Windows XP. If you're running Windows NT 4.0 with fault tolerance and volume sets, the drives are going to be inaccessible once you install XP, since it does not support fault tolerance or volume sets. Microsoft does give you an easy way out: use the key FTONLINE to bring the fault tolerant set online to back up the information, or recreate a volume set or striped volumes and get that information back. However, you cannot create fault tolerant drives with Win XP. In case of a serious error you can always roll back the upgrade. This feature can be accessed from “Add Remove Programs” in the Control Panel. However, the biggest drawback is that once you change from FAT32 to NTFS you cannot go back, uninstall the upgrade and get your old operating system running. The install procedure is pretty much the same as the one we encountered on a clean install, without the headache of drive partitioning. It even tries to download updates (Dynamic Update) if an internet connection is detected. The software, regional settings and other user settings are preserved on the computer. The upgrade does come with different view screens after the install. Views change with the kind of environment you are running in; for example, in a domain environment the user gets to see the Ctrl+Alt+Del screen, whereas the user gets to see the welcome screen in a workgroup environment.
Migrating User Settings:
User settings are an extremely important feature needed in a corporate environment to preserve the same look for a user. The file and transfer settings wizard comes to our rescue, down to the last solitaire icon on the user's computer. The wizard transfers files in four categories. The first category is appearance, which includes color schemes, sounds and others. Second, it keeps internet settings like your favorites and your internet security settings. Third, it backs up all your account settings, like all your e-mail accounts and all the internet addresses stored on your machine through Outlook. Finally, it even transfers the settings for installed software like Microsoft Office and even third party software like Adobe. However, the drawback is that the required software has to be installed before its settings can be reapplied to the new operating system. The file and transfer settings wizard can be reached through the Windows CD by accessing the icon “Perform Additional Task”. The process is simple and visually guided. It gives you the option to choose just files or both files and settings, and to transfer all the required files through a direct cable, floppies/media or the network. This can also be used from XP to XP machines, in the case of customizing a brand new machine to industry standards. However, this should only be used for small offices or a very small office. A better version of this for large offices is the user state migration tool, for scripting mass XP migration of files. The user state migration tool is made up of several tools, one of which is scanstate.exe, which includes files like migapp.inf, migsys.inf, miguser.inf and sysfiles.inf, and you can change these files as you please. A simple illustration would be to open the migapp.inf file, put in the settings you need and the files you need to transfer, and run scanstate.exe on every computer.
The new machine would run a different program, loadstate.exe, which will unpack the file and load those settings. However, as with the file and transfer settings wizard, this cannot transfer applications, only the settings of applications; for example, it will not install Adobe Acrobat on your computer and then transfer its settings. If an application is not detected on the computer, the settings for it will not be used. This application can be accessed in the following directory: “CD:\VALUEADD\MSFT\USMT”. This ability is completely scriptable, so an administrator can send these as e-mail messages to all the users and does not have to be present at all the machines to run this.
Unattended Installation:
Microsoft also supplies us with tools for unattended installation, which is a great feature for network administrators working in a large corporate environment. This feature saves the tedious task of sitting down at each computer and installing Windows XP on each one of them. Unattended installation is made possible through a tool called the Setup Manager, which links to the file unattend.txt, which makes it possible to answer all the questions which Win XP is going to ask us during the process of installation. A simple way to implement this is to put all the required information for setup in unattend.txt and supply this file on a floppy disk during the installation process, or script this file inside the image if you are setting up through an image. There is one drawback to this, since each computer requires some unique information like its computer name and IP address. This can be handled through a UDF file, which is the unique database file. IP addresses, on the other hand, can be handled through DHCP and other processes. If you are booting off an image, this can be achieved by scripting the winnt32 file. The command line should read like this: winnt32 /s: source path /u: unattend.txt /udf: udf path. However, if booting off a CD, then this file should be placed on the floppy disk with the name winnt.sif. This feature is again hidden inside Win XP and can be accessed through the SUPPORT/TOOLS/ path and then by extracting the deploy.cab file. This file has to be extracted and will then reveal all the tools you require to deploy an unattended installation of Win XP. There are also three very helpful reference files inside this folder which give you a lot of information on using these tools. The Setup Manager is a GUI tool which guides you through the process of creating unattend.txt and the unique database file.
It follows the simple procedure of asking questions, starting from the organization and user name, the Win XP key (this is the most important item and has to be entered correctly, otherwise the installation will not take place), workgroup or domain settings, regional and internet settings, language and time zone settings, computer names and even external commands to start up other installations, for example installing Microsoft Office after the Win XP install. The Setup Manager also gives us the option of several types of install, like GUI installation, read only installation (the user can see everything but cannot change anything) and others. You do not have to create the unattend.txt file from scratch for each terminal and can modify this file as per your needs for every other user. However, this does become extremely cumbersome for large environments, with the headache of creating an unattend.txt file for each user in a larger corporate working area. Microsoft does have its answer to that, which is called the sysprep tool or the system preparation tool, which gives us the ability to roll out clones of operating systems on each machine. This gives the network administrator the ability to use a somewhat cookie cutter style to roll out machines with preinstalled applications and operating systems customized before the mass installation procedure. The problem, however, can arise in the security identifiers (SIDs) that Microsoft uses to identify each machine and which are unique to that machine. You can use cloning tools to roll out these clones, but you still have to use sysprep to authenticate support. Microsoft strips those SIDs out and repacks them, so when the user sits down at the brand new machine he has to enter some information for the machine to get going. The applications are installed in the background, though; it's Microsoft's way of making sure that each machine has a unique SID after installation.
Administrators are advised to run the latest third party cloning facilities to achieve the optimum results and then use sysprep to repack the machine as a brand new one, for the SIDs to work safely and in accordance with Microsoft. However, you have to be extremely careful before rolling out clones since they are very hardware specific, so your terminals should have identical HALs, mass storage device controllers and ACPI support. VARs (value added resellers) should use the -factory mode switch to install and reconfigure the machine according to their requirements. This is also known as the audit mode, and the machine can be resealed after this by running sysprep again with a -reseal switch. This can also be done automatically using the file WINBOM.INI.
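The answer file and UDF described in this section carry the administrator password and domain-join settings for every machine they install, so they are worth checking before deployment. The following added example (not part of Microsoft's deployment tools or of this article) parses a constructed unattend.txt and UDF, applies one computer's overrides, and flags blank or cleartext credentials; the sample values and function names are assumptions of the example, and the UDF merge is simplified.

```python
"""Audit a Windows XP answer file (unattend.txt) merged with a UDF entry.

Added illustration; the sample files below are constructed. The UDF merge is
simplified: per-computer sections simply override the answer-file sections.
"""

ANSWER_FILE = """\
; constructed sample answer file
[Unattended]
    UnattendMode=FullUnattended
    OemSkipEula=Yes

[GuiUnattended]
    AdminPassword=*
    EncryptedAdminPassword=No
    AutoLogon=Yes

[UserData]
    FullName="Example User"
    OrgName="Example Org"
    ComputerName=*

[Identification]
    JoinDomain=EXAMPLE
    DomainAdmin=installer
    DomainAdminPassword=constructed-join-secret
"""

UDF_FILE = """\
; constructed sample UDF
[UniqueIds]
    PC01=UserData,GuiUnattended
    PC02=UserData

[PC01:UserData]
    ComputerName=ACCT-PC01

[PC01:GuiUnattended]
    AdminPassword=constructed-admin-secret
    AutoLogon=No

[PC02:UserData]
    ComputerName=ACCT-PC02
"""


def parse_answer_file(text):
    """Parse INI-style text into {section_lower: {key_lower: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def apply_udf(answer, udf, unique_id):
    """Return a copy of the answer file with one computer's UDF overrides applied."""
    uid = unique_id.lower()
    wanted = udf.get("uniqueids", {}).get(uid)
    if wanted is None:
        raise KeyError(f"{unique_id} is not listed under [UniqueIds]")
    merged = {name: dict(values) for name, values in answer.items()}
    for name in (part.strip().lower() for part in wanted.split(",")):
        override = udf.get(f"{uid}:{name}", udf.get(name, {}))
        merged.setdefault(name, {}).update(override)
    return merged


def audit(config):
    """Return (code, message) findings about credentials in a merged config."""
    findings = []
    gui = config.get("guiunattended", {})
    ident = config.get("identification", {})
    password = gui.get("adminpassword")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if password in ("*", ""):
        findings.append(("blank-admin-password",
                         "Administrator account is created without a password"))
    elif password is not None and not encrypted:
        findings.append(("cleartext-admin-password",
                         "Administrator password is readable in the answer file"))
    if gui.get("autologon", "no").lower() == "yes":
        findings.append(("autologon-enabled",
                         "Setup logs on as Administrator automatically"))
    if ident.get("domainadminpassword"):
        findings.append(("cleartext-domain-join-password",
                         "Domain-join account password is readable in the answer file"))
    return findings


if __name__ == "__main__":
    base, udf = parse_answer_file(ANSWER_FILE), parse_answer_file(UDF_FILE)
    for machine in ("PC01", "PC02"):
        for code, message in audit(apply_udf(base, udf, machine)):
            print(f"{machine}: {code}: {message}")
```

Whatever the findings, the floppy, share or image that holds these files should be readable only by the people doing the deployment.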
Remote Installation Services:
Remote Installation Services give us the power to install Win XP over the network. Microsoft uses PXE (Preboot Execution Environment) to achieve this, and the setback is that your network card should be PXE certified. However, Microsoft also gives some hope to those left behind by giving the option of using boot disks for people who do not have PXE certified network cards, but there is always a setback, and this time it's that this feature is supported by only very specific network cards. Unfortunately, if your network card does not belong to any one of these classes, you are out of luck and cannot use this feature. The basic way to set up is to connect to a RIS server (Remote Installation server). Once you are connected to the RIS server there are three ways to connect and install Win XP. The first one is a simple installation where you download and run an image of the Win XP CD. The second process is a scripted installation, creating an answer file and achieving an unattended installation. The final and most powerful is the system image, which uses a tool called RIPrep (Remote Installation Preparation tool). This allows us to create an image with all the customized applications installed on it and then transfer that image to all the required machines. RIS requires an Active Directory environment with integrated DNS built in. The RIS server must be set up in the Active Directory. Most administrators would dedicate a separate server to this process. Microsoft also states that the RIS partition should be a separate one and should not be a boot or system partition, so you would have to throw in a spare hard drive and drop this image on it. Also, the partition must be NTFS. The RIS installation utility and RIS preparation utility will allow you to put the different images on the server. The process then requires the Win XP CD and copies the I386 directory to the server, and you can then choose scripted installs or simple installs after that.
RIS uses single instance storage, which means that it stores only one copy of each file when you upload different images to the server. This results in saving a lot of space on the server as well, but it is another reason to put this on a dedicated server. Once all this is configured, you can put access levels on the images to give users restricted access, so that they cannot install any image they like. End users will boot from the network, using the PXE network card or PXE floppy disk; they are asked to log on and authenticate themselves to the domain server and are then given choices of installation images. In a multi-domain environment the administrators will be required to set up these RIS servers on each domain. Similar drawbacks exist on hardware compatibility. There are limited allowable differences in hardware on the machines, but the HALs must be identical and the hard drives should be equal or larger in size. PXE boot disks will work only on a limited set of NICs, so laptop users with PCMCIA are out of luck. Also, remote installation can only be done on C drives, and segregations on drives don't allow the service to work.
Installation Troubleshooting:
Troubleshooting is always an enemy an administrator has had to face during his work. Even though Win XP is quite a sturdy operating system, there is a slight chance that you will run into problems during installation. The first step would be to check the hardware compatibility and hardware health. Most of the time the problems I have encountered on Win XP have been due to bad hardware. There is no guarantee that devices that work on Windows 2000 will work on Windows XP. A first step is to install Windows XP with minimum hardware and then drop in extra hardware components after the install. That will allow you to isolate the bad or incompatible piece of hardware. You can also check the hardware compatibility listing on Microsoft's website. You should also check whether the BIOS is ACPI compatible, as described earlier.
User Accounts:
Windows XP requires user accounts to operate on it. It is based on the Windows NT kernel formula. Every user on Windows XP needs a user account. A big advantage of having user accounts is being able to customize Win XP according to your environment. Windows XP can operate in a workgroup environment or an Active Directory domain. Windows XP also provides us with built-in user accounts. The most powerful of all is the administrator account, and time and time again it has been said not to do day to day tasks logged on as the administrator. The control machine in this case is under serious threat, since the only user account present on this machine is the administrator account and it is not password protected. This is a serious threat since this user has complete control and can, for example, format a drive even by accident. The other account is the guest account, which is open for users to access the machine without giving them the power to corrupt or mess with the installed programs. A workgroup environment is good for a small corporate network, but the biggest drawback is that each terminal should have a user account for that user on that machine, since Windows XP authenticates user accounts. However, a domain environment has central storage of all accounts, which reduces overhead and makes it easy to add new accounts and terminals. In a domain environment, if there is one user account, you can use that account to log on to any machine in the local domain. User accounts in a workgroup can be maintained through User Accounts in the Control Panel. By default user accounts in Windows XP do not need a password, but the administrator can change these default settings. Microsoft has also included a feature known as “prevent forgotten password”, where through the administrator account you can create a floppy disk with your password stored on it for recovery. However, this floppy disk should be safeguarded, since it can be a security loophole to the entire network.
In a domain environment you must log on as a member of the administrator’s group to create and delete user accounts. However, in a domain environment you have to add domain users to the local group to grant them access to the machines in that group using that user account. The concept is a little different, since domain user accounts should be granted access to a local group and are then able to log on to any machine in that group using that domain account, whereas each computer in a domain environment can also have local user accounts specific to that machine and only accessible through it.
Group Accounts:
Groups are a boon to an administrator in setting permissions. They allow us to take users and combine them to manage resources. Local groups, which exist on each machine, allow us to set permissions on a group and have them trickle down to the members of that group. Windows XP also gives us some built-in groups like the administrator’s group and the users group. Local groups, however, have authority only on that local machine. Microsoft’s management console allows us to create, delete and manage groups. A user can be a member of multiple groups, which allows the user to have a combination of the most permissive abilities. However, deny always overrides an allow, so if a user is denied a permission in one group, that overrides that permission in all his member groups. There are several built-in groups like the administrator’s, backup operators, guest, network configuration, power users, remote desktop users and help users groups. The name pretty much defines most of these groups. Most of the members belong to the power users group, which gives them the opportunity to install applications and do day to day tasks. However, there are some restrictions placed on this group; for example, they cannot access other users’ files and cannot format hard drives or change user group settings and other users’ accounts. There are also some system groups which are used by Windows XP itself to perform certain tasks. The operating system handles these groups and you do not need to manage them. One such group is the “everyone group”, whose name explains that it includes everyone. If you want to give wide open access to a computer you can make a user a member of the “everyone group”. However, this does include anonymous access so a user cannot log on using anonymous access. There are also other system groups like authenticated users, who have to prove themselves worthy to log on to the system, and creator/owner groups.
There are also network and interactive groups, which differ on the basis of your location. The network group covers users who log on over a network, whereas interactive users are users who actually sit down at the machine to log on. Creating and managing user groups can be done through the Microsoft Management Console. This saves a lot of headache at the domain level, since the domain administrator can create a domain-level group in the domain environment. The local administrator can then add that domain-level group to the local machine group he just created, and this gives the members of that group immediate access to that machine.
Logging onto Windows:
Logging on to Windows XP differs between a workgroup and a domain environment. Microsoft has finally stepped away from the Ctrl+Alt+Del key combination to log on to Windows. In a workgroup environment the user is greeted with a welcome screen; however, the administrator can make the old-style logon compulsory in a workgroup environment. In a domain environment the Ctrl+Alt+Del screen is the default and you cannot get away without it. In a workgroup setting you can disable the welcome screen, but this also switches off the fast user switching option. Fast user switching is available only in a workgroup setting and is targeted towards a home environment. It enables multiple users to run their sessions on the same terminal without closing the other person’s session, or lets a user log on without logging another user off. It uses the terminal services made available to us by Microsoft. There is a memory requirement of at least 128MB for using this service. You can use fast user switching by pressing the Windows key + L, but the welcome screen must be switched on for this. You can also see which accounts are currently logged on by opening the Task Manager and switching to the Users tab, which shows all the users currently logged on, which user is currently active and which are disconnected. Troubleshooting user accounts can be a simple task. Be sure to check that passwords are correct, that caps lock is not turned on and that your account has not been disabled. You can also turn on the guest account as a last resort to have limited access. This can be a security loophole, so most administrators avoid it. In a domain environment XP caches user logon information, so you as an administrator can turn on a feature which prevents a user from logging on if the domain controller is down. You can do this by accessing the security policies from the administrative tools in the control panel.
This gives you the option of changing the number of cached logons to zero, which will prevent a user from logging on if the domain controller is down. Changes such as this require the user to be a member of the administrative group, and these security policies can be overridden by policies set at the domain level.
User Profiles:
User profiles in Windows XP give each user the power to maintain his/her own settings. A profile is just a group of files personal to that user plus the HKCU portion of the registry. All the user profiles and the default profiles are found in the Documents and Settings folder. However, this is only the case for a clean install of Windows XP; when we upgrade from Windows NT the user profiles are found in the system root directory. Profiles are specific to each machine, so if a user has an account on ten different machines, his user profile on each machine will be local and different. The exception is a roaming user profile, where the user roams from one terminal to another. In this case the user can log on to any machine and his user profile is downloaded to the terminal he sits down at; he can make changes to his/her profile, and when he logs off those changes are saved to the Active Directory. To set up this user profile the administrator must create a user account and put a UNC (Universal Naming Convention, for example \\domainname\foldername\%username%) path in the profile tab of the user in the Active Directory. However, the trick is to give proper permissions on the directory where the user profiles are saved so that the user can access his/her profile; otherwise the user will receive a default profile. The profile is also cached locally, so in case the roaming profile is not available or the profile server goes down, the user can still log on using the locally stored profile. However, in case the user logs on to multiple terminals, the profile from which he logs on last will be the last profile updated. A profile can also be made a mandatory profile, for example in a kiosk environment where you want the user to have the exact same profile whenever he/she logs on.
You can do this by going into the user profile and renaming the file ntuser.dat to ntuser.man. No changes will then be saved when the user logs off, so he/she will get the same default profile when he/she logs back on.
Local Security Policy:
Local security policies give the administrator several measures to maintain security in the workgroup. There are three different types of policies: auditing, user rights and security settings. There are also account policies, which include password policies and account lockout policies. Password policies enable us to enforce password rules: the administrator can set password length, history, age and even complexity for secure environments. Account lockout policies prevent hackers from constantly trying to log on to the system using brute force, such as trying all combinations of passwords. Local policies give us a variety of features. One section is user rights assignments, where the administrator can assign specific policies to specific users and groups, which allows different users to have different powers and rights on the network and the machine. Auditing properties enable us to generate reports on how the system is performing and to be clear about who is trying to do what on the machine or the network. Microsoft makes our work easier by giving us preconfigured security templates. These are groups of settings for various scenarios. They are provided by Microsoft as a set of .inf files, and you can implement them either by importing the .inf file into the group or by using the Microsoft Security Configuration and Analysis snap-in. They can be applied to a local machine or a group and are easy to create through the MMC. The preconditions are to first create a console and add the security policies and the security configuration and templates snap-ins to it, then create a database and import a security template into it. Then you can compare and analyze your computer against these configurations or even set it to them. You can also save these security templates as shortcuts for access to each machine’s security settings.
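As an added example (not part of the original article), the sketch below audits a security template before it is imported: it reads the password and account lockout settings described above, plus the cached logon count discussed under Logging onto Windows, and reports values weaker than a baseline. The template text is a constructed sample, and the baseline thresholds and the `max_cached_logons` default are assumptions of this example.

```python
import configparser

# Constructed sample laid out like a security template (.inf). Real templates
# are files on disk; an inline string keeps the example offline.
SAMPLE_TEMPLATE = r"""
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10"
"""

CACHED_LOGONS = (r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion"
                 r"\Winlogon\CachedLogonsCount")

# Hypothetical baseline for this example; take real thresholds from your policy.
BASELINE = [
    ("MinimumPasswordLength", lambda v: v >= 8, "password length below 8"),
    ("PasswordComplexity", lambda v: v == 1, "complexity not enforced"),
    ("PasswordHistorySize", lambda v: v >= 5, "fewer than 5 passwords remembered"),
    ("LockoutBadCount", lambda v: 1 <= v <= 5,
     "lockout disabled (0) or more than 5 attempts allowed"),
]


def parse_template(text):
    """Parse template text; only '=' separates keys from values, and '%' or
    '$' in values must not be treated as interpolation."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                       strict=False)
    parser.read_string(text)
    return parser


def cached_logons(parser):
    """Registry values are stored as <type>,<data>; return the data as an int,
    or None when the template does not define the value."""
    raw = parser.get("Registry Values", CACHED_LOGONS, fallback=None)
    if raw is None:
        return None
    _reg_type, data = raw.split(",", 1)
    return int(data.strip().strip('"'))


def audit_template(text, max_cached_logons=0):
    """Return a list of findings; an empty list means the baseline is met."""
    parser = parse_template(text)
    findings = []
    for key, meets_baseline, problem in BASELINE:
        raw = parser.get("System Access", key, fallback=None)
        if raw is None:
            findings.append(f"{key}: not defined in template")
        elif not meets_baseline(int(raw)):
            findings.append(f"{key} = {raw}: {problem}")
    cached = cached_logons(parser)
    if cached is None:
        findings.append("CachedLogonsCount: not defined in template")
    elif cached > max_cached_logons:
        findings.append(f"CachedLogonsCount = {cached}: users can still log on "
                        f"with cached credentials when the domain controller is down")
    return findings


if __name__ == "__main__":
    for finding in audit_template(SAMPLE_TEMPLATE):
        print("WEAK:", finding)
```

A zero cached logon count is the setting the logon section describes; pass a higher `max_cached_logons` where offline logon is required, for example on laptops.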
Group Policies:
The main function of group policies is to implement restrictions on users’ computers to prevent them from unintentionally messing up the OS on the computer. In a workgroup setting you can implement local group policies, which are specific to that local machine and to the users on that machine, so to apply them to the entire workgroup you have to implement them locally on each machine, which can become a headache. However, you can keep remote shortcuts to each desktop’s MMC on your computer (by focusing the MMC on remote machines) and then implement those policies through them. In a domain setting you need to implement these policies through the organizational units in Active Directory on the Active Directory server. By default group policies have a refresh period after which they are downloaded, but you can run GPUPDATE to refresh and implement new group policies immediately. Group policies are accessed in the same way as local policies, by adding the group policy snap-in. You can create group policies on the local machine or connect to a remote machine by clicking the browse icon, but you need to have administrative rights on each machine and also on that machine. As ever, domain policies override local computer policies.
Auditing Windows XP:
As a network administrator, one of your main tasks is to make sure that resources are being used the way they should be, and not being used the way they should not be. Auditing in Windows XP is the feature which helps us track these key events. It can be used to track successful or failed system events, and it lets the administrator choose between tracking things being done correctly and things not being done correctly. The most important events are file access and account logon. One drawback of auditing is that it has to be turned on locally on each machine, since it cannot be enabled on a domain basis. Auditing should not be turned on across the entire domain, since it does take a performance hit on the system. An example would be the Audit object failures policy, which tracks failures or successes of access to files and printers. Enabling this does not turn on auditing on the file; to do that you need to go to the properties of the folder or files you want to audit. Head to the security tab. If you cannot see the security tab, this means either that simple file sharing is turned on or that your drive uses the FAT32 partitioning style. You need an NTFS partition and simple file sharing turned off for the security tab to show up. However, in a domain environment simple file sharing is turned off by default. Once you can see the security tab, click the advanced button, select the auditing tab and add the user or group you would like to audit. Auditing reports can be seen through the Event Viewer, which is located in the control panel under administrative tools. Finally, the key thing to remember about auditing is that it has to be turned on in two separate places: once in the local security policies and a second time on the resource you want to audit, such as a file or a printer.
Windows Installer:
If you install an application on Windows XP you are most probably using the Windows Installer. Microsoft introduced it with Windows 2000 to prevent applications from just installing themselves and breaking or clobbering other DLLs. There were also problems during uninstall, where a program would take away a critical Windows component and your system might then not boot. This service is integrated into the operating system to make programs well behaved. Windows Installer introduces package files (.msi), which are the installation files on the CD itself. There are a lot of advantages to using the Windows Installer, for example the ability to self-heal: when the program detects that a DLL is corrupt or missing, it can heal itself by pulling that file back from the source CD or network. There is also a rollback capability for when something terrible happens during the installation: Windows Installer takes snapshots of the system before and after the installation, and in case of failure it rolls the system back to the state it was in before. There is also on-demand installation, where you can install features as needed later on. These can be obtained from the source, either on media such as a CD or on the network. Source resiliency also enables us to define several source targets to which you can connect to download the files you need in case one source is corrupted. You can publish an application in a domain setting and then assign a group or users who can connect to download and install it. You can also assign applications to users or groups, in which case the application doesn’t really install itself but places a link or shortcut on that terminal for the user, and when the user tries to access it the first time it goes ahead and installs itself using the Windows Installer service.
This also enables two different versions of the same program, using two different DLLs, to coexist on the same terminal on the same hard drive. MSIEXEC is the command prompt installer, which is the core of the Windows Installer. There are several flags to this command, and you can run it from the command line to install problematic applications. One of the most important flags is /f, which can be used to repair bad installations and even find corrupt DLL files.
User Interface:
Windows XP gives the average user a lot of power to configure his/her user interface with ease. Configuring the desktop is something you can do almost to an extreme in Windows XP. Standard desktop settings remain the same, such as the ability to change wallpapers, colors and sounds. There are also themes and skins which can change the entire look of Windows XP; these work as APIs which run on the machine and are not third-party tools you need to get. Simple day-to-day tasks have been made a lot easier with the folder and file options available on the left-hand side of Windows Explorer. The start menu has become more powerful than it was before, and it can customize itself according to your program usage. However, for you old-school people, Windows XP does give you the option of switching to the old-style or classic desktop. All you have to do is right-click, go to properties and change the theme to Windows Classic to obtain the old-style Windows look. The appearance tab helps the user pick the color scheme they like best, or you can enter advanced mode and pick colors for each part yourself. The effects tab is the most underused tab; it gives the user the ability to get cleaner fonts and even to remove and set animations on your windows. Most appearances are customizable in Windows XP, and Microsoft is trying really hard to please every type of user.
Interface Options:
Microsoft has added a lot of interface options for users who otherwise have problems using the computer. One is accessibility services, where Microsoft has included several options like sticky keys, filter keys or toggle keys, and even sounds and an onscreen keyboard. There is also a narrator which gives us text to speech for the visually challenged, and the magnifier, which is also a great asset. An easy way to access the narrator, magnifier and onscreen keyboard is pressing the Windows key + U. Multilingual support has also been included in Windows XP, just as in Windows 2000. Not all applications support this, but you can enable it in almost all APIs. All that is required is to head to the regional settings in the control panel, install the language you want to work with, then remap the keyboard accordingly, and you’re done. One drawback is that for other users to use a document created in this language, they must have the same language settings installed on their computer. You can even change the entire interface of the computer into another language by installing support for that language. This serves as a strategic advantage for global organizations which operate in different regions, in terms of saving the space needed to store a file in different languages, since multi-language support enables us to store only one copy of the file and have it available in different languages.
Hardware Installation:
Windows XP supports the plug and play feature, where you can just plug in devices and it will detect them automatically without any installation. One of the most important advantages of this feature is that signed drivers are installed automatically without prompting. However, non plug and play devices require manual installation. This saves the administrator a lot of headache when it comes to installing different pieces of hardware. The user needs to have administrative privileges to install this hardware and its drivers. These can be managed through the Device Manager, which can be accessed by right-clicking the My Computer icon. Microsoft is pushing towards a new setting known as driver signing. This enables Microsoft to see what drivers are installed on the system. In the case of an unsigned driver the user is warned before installing it, but he/she can still choose whether or not to go ahead with it. Vendors have to actively pursue getting their drivers signed by Microsoft to achieve a signed driver rating. In the case of an unsigned driver, Microsoft raises a flag which warns the user about the unsigned driver. This can raise several issues for the administrator to handle in a network where people bring in their own USB devices to plug into their systems, which can raise several flags and incompatibilities in the environment. The administrator can handle this situation by disabling and blocking the installation of unsigned drivers. One of the drawbacks in Windows 2000 was the ability for a user to modify the registry keys, install an unsigned driver and then change the keys back after the installation. This loophole has been fixed by Microsoft: the user is not given the ability to change the registry keys and hence cannot install unsigned drivers without administrative permission. One of the other features is the facility to update drivers or even to roll back drivers in case of a mishap.
Updating device drivers still requires the user to have administrative privileges. However, updating device drivers is one of the most frequent causes of system crashes. This is where the rollback ability kicks in: Windows XP maintains copies of older versions of your driver, which you can go back to in case of an update failure. There is also something known as the last good option, which should be a last resort in case of a safe boot. Driver signing gives us the options to freely install, warn about or block drivers that are unsigned. A normal user can always go to a stricter option; for example, if the administrator has selected warn, the normal user can choose block, but he/she cannot choose to ignore it.
Hardware Support:
Windows XP supports most kinds of hardware these days. You can pretty much take anything on the market and it will be supported by Windows XP. Windows XP even supports smartcard operations fresh out of the box. One of the coolest features is the ability to hook up to twelve display devices on to one machine. As a matter of fact you can link up to ten display devices onto one single terminal. There is also dual-head technology incorporated into Windows XP, which gives the user the power to connect multiple monitors to a single video card adapter; for example, you can connect a laptop to a monitor and have it display something different from the screen on your laptop, or act as an extension of that screen. Windows XP supports DirectX and OpenGL, which are graphics technologies or graphics APIs. Microsoft is aiming this at the gaming market, where they have finally been able to run DirectX on the NT core so that games perform at an optimum level. Another Windows XP service included out of the box is fax support. This will practically meet most users’ average day-to-day needs for receiving and sending faxes. Fax support is of course not installed by default, and the user has to install it through Add/Remove Windows Components. As soon as you install fax support, Windows XP creates a virtual printer through which it will send your faxes.
You can even have your terminal receive faxes through a virtual printer. Fax services are pretty easy for the average user to configure. Setup does require a telephone number and other information. You can even set it up to auto-print faxes or choose how you would like to be alerted. Most new hardware is moving towards using USB and FireWire (IEEE 1394) ports. These are plug and play, hot-swappable devices which you can connect and disconnect without having to install any drivers. One of the features of USB is that you can target the USB root hub through the Device Manager to allocate power to each hub. Another way to get out of this power drain is to use a self-powered external hub, which draws its power externally to function. You can even take a look at the universal host controller in the Device Manager, under the USB drop-down menu, to see the amount of bandwidth taken by each controller.
Mobile Computer Hardware:
Windows XP has pretty good mobile hardware support. As more and more users switch from desktops to laptops, Microsoft has increased its support and capabilities for mobile hardware. One of the most important features is the included support for ACPI, which saves a lot of battery power on laptop machines. Applications can also request no power saving, as in the case of a server machine where applications need to keep running constantly. Dynamic docking and undocking creates separate profiles for docked and undocked mode. ACPI provides power management capabilities through the power options available in the control panel. The power management facilities give us the flexibility to maintain different power settings for desktops and laptops. They can even keep different settings for when the laptop is in docked mode and running on AC power and when it is in undocked mode and using battery juice. One of the power-saving modes is hibernation, where the computer dumps its memory onto the hard drive and shuts itself off, and when you start it again it reloads its RAM from the hard drive. An easier route for the average user is the built-in power schemes provided by Microsoft, which help you manage your power settings better to get the maximum time out of your laptop. Windows XP also gives you the flexibility to set up a UPS and adjust hibernation. To bring your computer into hibernate mode, initiate a shut down sequence and, when the window pops up, hold down the shift key to change the standby option to hibernate. Hibernate is a much bigger power saver than standby, since standby still consumes a lot of power. You do need to log back on to the system after hibernation. Windows XP also has wireless support through Bluetooth (802.11b) and infrared technology built into the operating system.
Windows XP can detect and connect automatically to wireless networks using either an access point or an ad hoc ability (ad hoc ability connects multiple computers to each other without having to connect to an access point).
Storage Devices:
Windows XP hard disk support comes in two different flavors. The first one is the old style known as basic disks, which include four primary partitions or three extended partitions and one extended partition. Microsoft has now implemented a new strategy known as volumes disks. You can have up to 200 volumes per drive; however, Microsoft recommends not going this high and has set a limit of at most 32 volumes per drive. If you plan to multiboot using this drive, note that dynamic disks and dynamic volumes are only usable by Windows XP and Windows 2000. Applications don’t really have an issue with dynamic disks. One drawback is that laptop computers and removable storage cannot have dynamic disks, since these are really used when there are multiple drives. You cannot mix dynamic and basic disks on one drive. On a basic disk you can create primary and extended partitions only, and you cannot create fault-tolerant volumes or span drives. Dynamic disks have this ability. The first step is a simple volume, which can be NTFS, FAT or FAT32. The next step above this is a spanned volume, used in the case of multiple hard drives, where you can add more space without adding another drive letter. Simple volumes can be extended to create spanned volumes, but the kicker is that you cannot extend system or boot volumes. The third case is a striped volume, which is written across both drives and doubles your throughput on both drives. This in turn increases performance and doubles your throughput on reading and writing. You can access these management tools by right-clicking My Computer, selecting manage and choosing Disk Management in the computer management window. It is very simple to convert a disk to a dynamic disk: the process involves right-clicking the disk icon itself on the leftmost side and choosing convert to dynamic disk. This renders it unusable by other operating systems, since the partition table is rewritten.
You can extend a simple volume by right-clicking it, choosing extend volume and choosing the size you would like to extend the volume to. Converting an existing basic setup to a dynamic setup requires at least 1MB of unpartitioned space, but the reverse is only possible through a reformat. Users updating their system from another legacy system need to use FTONLINE to bring their data online, mount it, then wipe out the drives and bring the data back to the drives. It is not a long-term solution for storage. There are also other removable storage media like CDs, floppies and USB hard drives. Windows XP has full support for burning CDs included in the operating system. However, it is not as advanced as third-party applications.
File Systems:
As a network administrator you need to know the kinds of file systems that are supported by Windows XP. NTFS is the new file system, which has a lot more capabilities incorporated into it. The FAT file system is the universal file system, which has a lot of limitations that were overcome by FAT32. One of the biggest drawbacks was the cluster size in FAT: the bigger your drives got, the bigger the cluster became, so for a 1K file you would have used a 32K cluster and ended up wasting 31K of space. This becomes a considerable waste when thinking in terms of gigabytes. FAT32 overcame this problem by introducing a 4K cluster, but it still has a lot of limitations. NTFS has a lot of new features like compression, encryption and permissions. Users still using FAT or FAT32 systems on Windows XP can convert to NTFS by running the command convert [driveletter]: /fs:ntfs from the prompt. However, you cannot convert back to FAT or FAT32. When you convert your boot drive, it will be converted on reboot. A backup is recommended before running this command to prevent data loss. If you have already started the process and haven’t backed up your data, you can jump into the registry editor using the regedit command and look inside HKEY_LOCAL_MACHINE – system – CurrentControlSet – Control – Session Manager.
Inside here you will see boot execute. When you open this you will see the conversion process listed there, and you can delete it to stop the conversion process. There are also other file system maintenance tasks which most administrators like to do whenever they find time, for example disk defragmentation. The new feature in Windows XP is that you can schedule this defragmentation via the command line. Disk cleanup is also a pretty safe tool that deletes cache files and other temp files stored on your computer. It even tells you about files which you haven’t used in a long time.
NTFS:
NTFS clearly has a lot of benefits compared to FAT and FAT32. NTFS is the default choice when you start from scratch. However, one difference is that formatting as NTFS sets file security during installation, which you do not get when you convert from FAT or FAT32. This can secure access to critical system files, which was not possible in FAT and FAT32. Microsoft has introduced a quick format option during the setup process. NTFS also introduces file and directory security settings, which are very helpful in corporate environments. It also gives us quotas, compression and encryption. By default, if the user is not in a domain environment, the sharing and NTFS permissions are combined into one. Simple file sharing is turned on in the folder options under the tools menu, which removes the security tab from the properties of a folder or file. The tab can be turned back on by disabling simple file sharing. Windows XP creates a My Documents and a Shared Documents folder. You can make your My Documents folder private, and when you place a password on your user account Windows even asks whether you want to make all your files and folders private. Shared Documents enables multiple users to share documents with each other. However, in a workgroup setting you can only make folders in your own user account private. To disable this option you as an administrator need to turn off simple file sharing. In a domain environment it is turned off by default and the security tab is available. Permissions granted to a user always add up to the most permissive, but deny always overrides other permissions. There is also inheritance, which trickles down to the file level, which means that file permissions override the folder permissions. However, you can always block inheritance and override a lower level permission with the higher one. Windows XP has also added a feature to view effective permissions on a file.
These can be accessed through the effective permissions tab, which is reached by clicking the advanced button on the security tab of a file or folder. You can select the user or group whose permissions you want to view. NTFS uses the concept of file ownership, where the owner always has full control of the file they created; even after they are locked out they can take ownership of the file and give themselves access to it. An administrator can take ownership of any file on the system, but so that this cannot be abused they cannot give ownership to someone else; they can give others permission to view and modify, but not ownership. This is a key concept for recovering files when a user has left the company or has been locked out of his files. Taking ownership is very easy: head to the security tab, click the advanced button, choose the owner tab and add yourself back. Then you can go ahead and add yourself back into the file permissions to give yourself full control. NTFS also gives us the ability to compress files on a case-by-case basis. Compression and decompression happen automatically. Compressing a folder also compresses the files in it, and new files added to it are kept compressed as well. Windows XP highlights them in a different color to mark them as compressed. Encryption and compression do not mix well in Windows XP. You can access both through the properties and the advanced button, choosing between compression and encryption. Microsoft uses EFS (Encrypting File Systems) for safeguarding files and folders. Encrypting a folder will encrypt all files inside the folder as well. The key point is that encryption is stronger than permissions because the data gets scrambled using certificates. This means that only the user who owns that certificate can access the data. There is no longer the security hole where encrypted file transfer was not possible and data had to be decrypted for the other user to read it.
Now when you give somebody else access to your encrypted files, he/she gets a copy of the certificate to decrypt those files. One drawback is that if you move files into an already encrypted folder they will not be encrypted, whereas files created there will be. You can give another user access to your encrypted file by adding them through the details button, reached through the properties and the advanced button. The catch is that the user must have encrypted a file at least once to have a certificate available on the computer. Windows XP needs this because the first time you encrypt a file it issues you an encryption certificate. In a domain environment you must trust the server for delegation in order to encrypt files on the server. You can also use WebDAV for secure transport and storage to avoid trust for delegation.
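The permission rules in this section and under Group Accounts (allows add up across groups, a deny beats an allow, file-level entries win over what the folder hands down) follow from the order in which Windows evaluates ACL entries. The model below is an added example, not part of the original article; the rights bits are simplified, and the user and ACL contents are constructed for the example.

```python
from dataclasses import dataclass

# Simplified rights bits for the example; these are not the real ACCESS_MASK values.
READ, WRITE, DELETE = 1, 2, 4


@dataclass(frozen=True)
class Ace:
    trustee: str             # user or group the entry applies to
    allow: bool              # True = allow entry, False = deny entry
    mask: int                # rights covered by the entry
    inherited: bool = False  # True if the entry came down from the parent folder


def canonical_order(aces):
    """Order in which ACL entries are kept and evaluated: explicit deny,
    explicit allow, inherited deny, inherited allow."""
    return sorted(aces, key=lambda a: (a.inherited, a.allow))


def access_check(identities, aces, desired):
    """Walk the entries in order; the first entry that settles a requested
    right decides it. `identities` is the user plus all of the user's groups."""
    remaining = desired
    for ace in canonical_order(aces):
        if ace.trustee not in identities:
            continue
        if not ace.allow:
            if ace.mask & remaining:
                return False          # a right that is still needed is denied
        else:
            remaining &= ~ace.mask    # these rights are now granted
            if remaining == 0:
                return True
    return False                      # nothing granted the rest: implicit deny


def effective_rights(identities, aces):
    """Rights that would be granted if each one were requested on its own."""
    return sum(bit for bit in (READ, WRITE, DELETE)
               if access_check(identities, aces, bit))


# Constructed sample data: a hypothetical user and the groups she belongs to.
ALICE = {"alice", "Users", "Power Users"}

# 1. Allows from different groups add up.
CUMULATIVE = [Ace("Users", True, READ), Ace("Power Users", True, WRITE)]

# 2. A deny at the same level beats the allow from the other group.
DENY_WINS = CUMULATIVE + [Ace("Users", False, WRITE)]

# 3. The folder denies READ to Users (inherited), but the file itself carries
#    an explicit allow for alice: the file-level entry is evaluated first.
FILE_OVER_FOLDER = [
    Ace("Users", False, READ, inherited=True),
    Ace("alice", True, READ),
]

if __name__ == "__main__":
    for name, acl in [("cumulative", CUMULATIVE), ("deny wins", DENY_WINS),
                      ("file over folder", FILE_OVER_FOLDER)]:
        print(f"{name:18} effective rights = {effective_rights(ALICE, acl)}")
```

The third case is the one to check in a review: a deny set on a folder does not stop a user who holds an explicit allow on the file itself, so confirm the result on the effective permissions tab of the file, not the folder.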
EFS Recovery:
Recovering encrypted data has been possible since Microsoft’s introduction of the DRA, or data recovery agent. This uses a special key which is tagged on to every encrypted file. In a domain setting the administrator is the data recovery agent by default, so there is always a back door for recovering encrypted files. In a workgroup environment there is no default data recovery agent, so you need to create one. The key is to create a DRA before any files get encrypted, since you won’t be able to recover files which were encrypted before that. The first thing you need to do is access your security policies by heading into the local security policies and then into public key policies, which will show you encrypting file systems. Making a DRA is a little tricky to begin with. Start by opening the command prompt and running the cipher command as follows: cipher /r:[filename]. This command will create your two recovery certificates: one is the public key (.cer) and the other is the private one (.pfx). It also asks you for a password to protect your private keys. Once done, right-click encrypting file systems in the local security policy, add a new DRA, then browse to the recovery file you just created and add it. Now, when any user encrypts a file you will be listed as a data recovery agent. You can also reset the password for another user if he or she forgets it, but this trashes that user’s certificate, so he/she will not be able to access files which were encrypted with the previous certificate. This is where the DRA comes in as a savior. To disable EFS you need to completely remove the encryption policy; it doesn’t just go away by removing the DRA. EFS is disabled by accessing the encrypting file systems menu in the local security policies, right-clicking to go to all tasks and then selecting delete policy. However, turning off EFS is not quite that easy in a workgroup environment.
You can find more details about in recently published Microsoft’s documents.
Networking Setup and Troubleshooting:
Windows XP is a very powerful operating system which includes a lot of features when it comes to networking. Windows XP is multi-protocol ready and uses NWLink, which is easily configured for simple file sharing. However, it also supports the universal TCP/IP protocol. The advantages are numerous, and there is even a working copy of the new IPv6 protocol for all you network wizards to play around with. NetBEUI support is no longer available as standard, only as a hidden add-on on the disk. Windows XP also gives us the ability to bridge different media types. The Network Connections box shows you one entry for each network connection available on your computer. Bridging them is as easy as selecting them all and right-clicking to select Bridge Connections. You can install other protocols like NetBEUI by clicking Install, choosing "Have Disk" and browsing through the disk to install it. Windows XP has introduced an alternate configuration in the TCP/IP settings, which kicks in if the primary configuration is not obtained. This can be used to store two different connection settings, such as home and office for your laptop, or in another applied scenario. Networking with Windows XP is not without its pitfalls. Network troubleshooting in Windows XP begins at a basic level: the first thing the administrator should do is check that the cable is plugged in and the lights are blinking. You can then type the net config redirector command, which displays the entire current network configuration of your computer. You can even repair a connection by right-clicking the connection you want to fix; Windows XP then runs a lot of commands under the hood to fix that connection. If this still doesn't work, you can use the command "netsh int ip reset [logfile]". In essence this tears the stack down all the way to the base and rebuilds that TCP/IP connection, in other words reinstalling the connection.
You can access the advanced settings by clicking the Advanced tab and then choosing Advanced Settings, which shows you the bindings on that computer. Another command used is IPCONFIG, with flags like /all, /renew, /flushdns and /registerdns. Other simple commands are PING for pinging IP addresses, TRACERT for tracing IP addresses, NBTSTAT -R to empty and reload the name cache, NETSTAT for showing all the incoming and outgoing active connections, and NETSTAT -R, which shows you the routing table.
Read 'Pt 2' for more details.